Latest Xen Project release delivers security enhancements for embedded and automotive use cases with support for the latest hardware features

SAN FRANCISCO, June 23, 2016 – The Xen Project, a project hosted at The Linux Foundation, today announced the release of Xen Project 4.7. The release minimizes downtime and improves the user experience with non-disruptive security patching, and includes security enhancements for embedded, automotive, IoT and new security use cases. The new release also adds support for the latest hardware features from Intel and ARM.

Xen Project Hypervisor 4.7 comes equipped with Live Patching, a technology that enables re-boot free deployment of security patches to minimize disruption and downtime during security upgrades for system administrators and DevOps practitioners. Xen Project 4.7 implements version 1 of the Hypervisor Live Patching specification, which is designed to encode the vast majority of security patches (approximately 90%) as Live Patching payloads. This version ships with a Live Patching enabled hypervisor and payload deployment tools and is available as a technology preview.

For security, embedded automotive and IoT use cases, Xen Project introduced the ability to remove core Xen Hypervisor features at compile time via KCONFIG. This ability creates a more lightweight hypervisor and eliminates extra attack surfaces that are beneficial in security-first environments, microservice architectures and environments that have heavy compliance and certification needs, like automotive.

“The Xen Project hypervisor is innovating in all areas and continues to evolve to meet the new needs of cloud computing and compute infrastructures,” said Lars Kurth, chairperson of the Xen Project advisory board. “Xen Project 4.7 is a testament to the incredible collaboration that is happening within the community, and a continuation of our shorter release cycle.”

The Xen Project powers more than 10 million users across enterprise and cloud computing in addition to embedded and mobile devices. First to market with Intel and ARM features, many of the world’s largest companies and service providers use and invest in Xen Project software. Xen Project software is used in many commercial products, including Bitdefender Hypervisor Introspection, which was developed in close collaboration with Citrix. This technology leverages Xen Project’s Virtual Machine Introspection feature to reveal malicious activity, however stealthy, which can remain invisible to traditional endpoint security.

The following new features and capabilities are available in Xen Project Hypervisor 4.7:

Usability Improvements: In Xen 4.7, a new XL command line interface to manage PVUSB devices has been introduced to manage PVUSB devices for PV guests. The new XL commands also enables hot-plugging of USB devices as well as QEMU disk backends, such as drbd, iscsi, and more in HVM guests. This new feature allows users to add and remove disk backends to virtual machines without the need to reboot the guest. In addition, the soft reset for HVM guests allows for a more graceful shutdown and restart of the HVM guest.

Support for a wider range of workloads and applications: The PV guest limit restriction of 512GB has been removed to allow the creation of huge PV domains in the TB range. TB sized VMs, coupled with Xen Project’s existing support for 512 vCPUs per VM, enable execution of memory and compute intensive workloads, like big data analytics workloads and in-memory databases.

Enhanced Development with ARM: Xen Project now supports booting on hosts that expose ACPI 6.0 (and later) information. The ARM Server Base Boot Requirements (SBBR) stipulate that compliant systems need to express hardware resources with ACPI; thus this support will come in useful for ARM Servers. This effort was carried out by Shannon Zhao of Linaro with minor patches from Julien Grall of ARM.

Additionally, PSCI 1.0 compatibility allows Xen Project software to operate on systems that expose PSCI 1.0 methods. Now, all 1.x versions of PSCI will be compatible with Xen Project software. More information on Power State Co-ordination Interface can be found here. This effort was also carried out by Julien Grall with a patch from Dirk Behme of Bosch.

Xen Project 4.7 is the first to include Code and Data Prioritization (CDP), part of the Intel® Resource Director Technology (RDT) Framework and an extension of Cache Allocation Technology (CAT), first introduced in Xen Project 4.6. The introduction of CDP allows isolation of code/data within the shared L3 cache of multi-tenant environments, reducing contention and improving performance.

Additional features specific to the Intel Xeon processor family in Xen Project 4.7 include: VMX TSC Scaling, which allows for easier migration between machines with different CPU frequencies and support for Memory Protection Keys, a new security feature for hardening the software stack.

Comments from Xen Project Users and Contributors

“Oracle is committed to designing and delivering best-in-class cloud services to help businesses transition from traditional systems to the cloud,” said Ajay Srivastava, senior vice president, Linux and Virtualization, Oracle. “The new live patching capabilities in Xen Project Hypervisor 4.7 can help reduce downtime for private, public and hybrid cloud environments, which is of vital importance to our customers.”

“Intel is focused on enabling widespread cloud adoption and works across the industry to deliver the best architecture for the current and future needs of compute, storage, and networking,” said Susie Li, Director of Virtualization, Intel Open Source Technology Center and Xen Project Advisory Board Member. “The work the Xen Project community has achieved underpins many of the world’s largest and most successful data centers in the world, setting the standard for performance, security, and capabilities. Xen Project 4.7 is developed with the latest Intel platform features to make it easier to deploy and scale clouds, so businesses can deliver services to their customers faster and more securely.”

“Organizations continually have to readjust their security strategy to mitigate deep threats to IT systems. Bitdefender Hypervisor Introspection (HVI), which is tightly integrated with XenServer Direct Inspect API from Citrix, runs memory introspection at the hypervisor-level,” said Harish Agastya, Vice President of Enterprise Solutions at Bitdefender. “The Xen Project hypervisor provides critical virtualization and security building blocks, which enable us to partner with Citrix to create a new security layer that detects suspicious activities by working directly with raw memory – a level of insight from which malware cannot hide.”

Additional Resources

About Xen Project

Xen Project software is an open source virtualization platform licensed under the GPLv2 with a similar governance structure to the Linux kernel. Designed from the start for cloud computing, the Project has more than a decade of development and is being used by more than 10 million users. A Project at The Linux Foundation, the Xen Project community is focused on advancing virtualization in a number of different commercial and open source applications including server virtualization, Infrastructure as a Services (IaaS), desktop virtualization, security applications, embedded and hardware appliances. It counts many industry and open source community leaders among its members including: Alibaba, Amazon Web Services, AMD, ARM, Bromium, Cavium, Citrix, Huawei, Intel, NetApp, Oracle, Rackspace, and Verizon Terremark. For more information about the Xen Project software and to participate, please visit XenProject.org.

Open Source Hypervisor Community Descends on Toronto to Discuss, Educate and Collaborate on the future of the Xen Project Virtualization

SAN FRANCISCO, June 8, 2016 – The Xen Project, a project hosted at The Linux Foundation, today announced the program and speakers for theXen Project Developer Summit that brings together developers, integrators and power users for in-person collaboration and educational presentations. The event will take place in Toronto, Canada from August 25-26, 2016 co-located with LinuxCon North America.

The Xen Project hypervisor was built to be forward-looking and nimble like the cloud itself. It powers the new needs of computing and virtualization through a rich ecosystem of community members that focus on everything from security, embedded, and web-scale environments. The Summit is an opportunity for developers and software engineers to collaborate and discuss the latest advancements of Xen Project software. It is a neutral event focused on education and collaboration amongst those interested in Xen Project technology, virtualization and cloud computing.

“The Xen Project community is made up of an incredibly talented group of developers,” said Lars Kurth, chairperson of the Xen Project advisory board. “The Xen Project Developer Summit, is a great opportunity to learn more about how the Xen Project is growing with new computing infrastructures and how it is used in new market segments, such as the automotive industry, mobile as well as IoT.”

In addition to presentations, the Xen Project will be running a half-day hackathon alongside the Summit on the last day. Xen Project hackathons have evolved in format into a series of structured problem solving sessions that scale up to 50 people.

This flagship event features presentations on the latest developments, best practices, collaboration, product roadmap updates and future planning from developers and users who are leading the way in server density, hardware, automotive, cloud and enterprise security. The following are several confirmed speakers and presentations:

Christopher Clark, consultant at BAE Systems, will present on the OpenXT Project and how developers can assist in contributing to the project. OpenXT Project is a development toolkit for hardware-assisted security research and appliance integration; it stands on the shoulders of the Xen Project, OpenEmbedded Linux and XenClient XT.

Mihai Dontu, technical project manager at Bitdefender, will present on the technical hurdles he and his team had to overcome when building a commercial product on the introspection capabilities of the Xen Project hypervisor. This presentation is meant to provide guidelines to anyone interested in building a professional security product utilizing the latest Xen Project features.

George Dunlap, senior engineer at Citrix, will provide an overview on how developers can improve the code review process for maintainers before they review a patch.

Julien Grall, software virtualization engineer at ARM, will cover how to understand how page table should be compliant with the ARM specifications; he will also give an overview of how Xen ARM is handling page table.

Weidong Han, architect of virtualization at Huawei, will discuss his team’s analysis on Xen Project core scalability features and functions.

Jun Nakajima, senior principal engineer at Intel, will highlight what it takes to build HPC Cloud based on Xen Project software.

Konrad Wilk, software development manager at Oracle, will provide an overview about bringing hot-patching to the Xen Project hypervisor. This new feature will allow system administrators to update the hypervisor without the need to reboot.

About Xen Project

Xen Project software is an open source virtualization platform licensed under the GPLv2 with a similar governance structure to the Linux kernel. Designed from the start for cloud computing, the Project has more than a decade of development and is being used by more than 10 million users. A Project at The Linux Foundation, the Xen Project community is focused on advancing virtualization in a number of different commercial and open source applications including server virtualization, Infrastructure as a Services (IaaS), desktop virtualization, security applications, embedded and hardware appliances. It counts many industry and open source community leaders among its members including: Alibaba, Amazon Web Services, AMD, ARM, Bromium, Cavium, Citrix, Huawei, Intel, NetApp, Oracle, Rackspace, and Verizon Terremark. For more information about the Xen Project software and to participate, please visit XenProject.org.

SAN FRANCISCO, May 11, 2016 – The Xen Project, a project hosted at The Linux Foundation, today announced Huawei, a global information and communications technology (ICT) solutions provider, is a new Advisory Board member. The Xen Project Advisory Board consists of major cloud companies, virtualization providers, enterprise IR, silicon vendors, among others, that advise and support the development of Xen Project software for cloud computing, and embedded and IoT use-cases.

Huawei is the largest telecommunications equipment manufacturer in the world, and has consistently contributed to open source projects from The Linux Foundation. It became a platinum member of the Linux Foundation in 2015, the highest level of investment at The Linux Foundation. Huawei is also an active member of several of Linux Foundation projects, including OPNFV, Open Container Initiative, Cloud Native Computing Foundation, IO Visor, and Kinetic Open Storage Project.

Open source, especially in cloud computing, has grown tremendously in China over the last few years. As key technologies are increasingly built collaboratively, more and more Chinese companies are using open source to leapfrog competitors and are joining the Linux Foundation’s open source projects to help drive further growth and development. “Xen Project pushes the envelope with the next generation of technologies that support cloud computing, and we look forward to joining the board and community to help propel cloud computing even further,” said Guangniu Su, Director of Huawei UVP Team.

“Xen Project software is a perfect fit for hyper-scale clouds, and we look forward to continuing to use this technology in our cloud and business strategy to provide the best services to enterprise IT.” Xen Project software offers superior flexibility, performance, scalability and advanced security features for cloud computing. It supports multiple cloud platforms and powers some of the largest clouds in production today, including Alibaba’s Aliyun Cloud Services, Amazon Web Services, IBM Softlayer, Tencent, Rackspace and Oracle, to name a few. Member involvement includes, financial support, technical contributions and high-level policy guidance.

“There’s been a tremendous uptick in contributor growth coming from China for the Xen Project,” said Lars Kurth, chairperson of the Xen Project. “We are excited to have more companies based in China join the Advisory Board and look forward to working with Huawei on contributions and growth of the Xen Project technology.”

About Xen Project

Xen Project software is an open source virtualization platform licensed under the GPLv2 with a similar governance structure to the Linux kernel. Designed from the start for cloud computing, the Project has more than a decade of development and is being used by more than 10 million users. A Project at The Linux Foundation, the Xen Project community is focused on advancing virtualization in a number of different commercial and open source applications including server virtualization, Infrastructure as a Services (IaaS), desktop virtualization, security applications, embedded and hardware appliances. It counts many industry and open source community leaders among its members including: Alibaba, Amazon Web Services, AMD, ARM, Bromium, Cavium, Citrix, Huawei, Intel, NetApp, Oracle, Rackspace, and Verizon Terremark. For more information about the Xen Project software and to participate, please visit XenProject.org.

The Release Marks The Best Quality and Quantity of Contribution

San Francisco, October 13, 2015 -- The Xen Project, Collaboration Project hosted at The Linux Foundation, today announced the release of Xen Project 4.6. The new release comes equipped with greater security, improvements to network throughput as well as upgraded migration.

With this release, Xen Project’s Virtual Machine Introspection (VMI) is natively supported on both Intel and ARM chips, making it an ideal API for developers building monitoring and security applications. Additional updates allow for increased stability, scalability and usability to create a stable baseline for third-party security applications, including malware detection, forensics, security auditing and more.

Updates to the VMI create the foundation for easier integration with IT monitoring tools for more centralized management, while the inclusion of Intel® Cache Allocation Technology (CAT) and Memory Bandwidth Monitoring (MBM) enable additional system resources monitoring.

“Stability, performance and security are critical when it comes to running software on the modern Internet and cloud systems,” said Lars Kurth, Xen Project Advisory Board Chairperson. “The new Xen Project release puts these capabilities front and center and allows system administrator to determine where system vulnerabilities might lie to proactively assess potential security risks and to centralize and monitor how instances in IT infrastructure are affecting the overall stability of the environment.”

“Citrix has built the Xen Project Hypervisor 4.6 release into XenServer Dundee, which recently entered public beta. The alignment of the release cycle of Xen 4.6 and the production of the XenServer Dundee series of alpha and beta releases allowed us to improve the quality of both Xen and XenServer by continuously testing the XenServer Dundee and Xen 4.6 integration,” said James Bulpin, Senior Director of Technology and Chief Architect of XenServer, Citrix Systems. “The combination of early testing of Xen 4.6 makes us confident that the latest release will be one of the highest quality Xen Project releases so far, and will help us make XenServer Dundee one of the best XenServer releases as well.”

New features and capabilities of Xen Project 4.6:

Enables a new class of security applications: A number of significant improvements to Xen’s Virtual Machine Introspection (VMI) subsystems make it the best hypervisor for security applications. Hardware support for VM Functions (VMFunc) available on Intel’s 4th generation Haswell CPUs and Atom Silvermont CPUs decreases overheads. Support for Virtualization Exceptions is now available on Intel’s 5th generation Broadwell CPUs and Atom Goldmont CPUs has significantly reduced latency. VMI support for ARM CPUs has also been added.

Major improvements to scalability: Finer-grained grant table locks lead to significant scalability improvements in the Xen Project. For example, aggregate intrahost network throughput has improved more than 100% in some cases. In addition, byte-range locks were replaced with ticket locks, which have better fairness properties than previously used locks for improved scalability.

Redesign of live migration components to better support high availability: The Xen Project Hypervisors Live Migration subsystem implemented its second version (Migration v2) to be more robust, extensible and able to handle next-generation infrastructures. It has been tested by several vendors to ensure it is enterprise-ready. The updates provide better performance for 64 bit systems and add support for cross-bitness migration between 32 and 64 bit hosts. Migration v2 is optimized for PVH and Coarse-grained Lock-stepping (COLO), which will be fully integrated with Xen in the next release. In addition, Page Modification Logging (PML) was implemented for Intel CPUs, improving SpecJBB performance by 7.6% in log dirty mode.

Better quality: During the Xen 4.6 release cycle, the Xen Project increased its integration test capability by creating CI loops for Xen Hypervisor and OpenStack testing. Besides running tests on more hardware configurations, the number of test cases nearly doubled during the 4.6 release cycle, contributing to the best quality release yet. This is also reflected in test results by 3rd party vendor test suites, which are regularly run on the Xen Project codebase.

ARM support: The new release increases the maximum number of supported VCPUs for 64-bit ARM CPUs from 8 to 128 and adds support for 32-bit userspace applications to 64-bit guests. Additionally, new IP blocks, firmware interfaces and platforms are supported, such as non-PCI passthrough support, OVMF for ARM and GICv2 on GICv3 support. During the hardening phase of Xen 4.6, members of the Xen Project community closely collaborated with the CentOS Virtualization SIG to build and test Xen 4.6 packages for CentOS 7’s 64-bit ARM variant and tested it against OpenStack using libvirt. The full release of the Xen 4.6 CentOS 7 packages is available here.

Updates for automotive and embedded systems: The new release added support for two platforms targeting the embedded and automotive market segments: Xilinx Zynq® UltraScale+™ MPSoC and support for the Renesas R-Car Gen2 SoCs.

Intel Platform QoS Technologies for improved scalability and performance: Intel® Cache Allocation Technology (CAT) and Memory Bandwidth Monitoring (MBM) are included, which build on the Cache Monitoring Technology (CMT) introduced in Xen 4.5. CAT allows system administrators to assign more L3 cache capacity to individual VMs, resulting in lower latency and higher performance for high-priority workloads such as NFV, real-time and video-on-demand applications. MBM allows system administrators to identify memory bandwidth saturation on a Xen host that may be caused by several memory-intensive VMs running on the same host. Taking corrective actions, such as migrating VMs to a different Xen host, increases scalability and performance in the data center.

Additional Resources

About Xen Project

Xen Project software is an open source virtualization platform licensed under the GPLv2 with a similar governance structure to the Linux kernel. Designed from the start for cloud computing, the Project has more than a decade of development and is being used by more than 10 million users. A Collaborative Project at The Linux Foundation, the Xen Project community is focused on advancing virtualization in a number of different commercial and open source applications including server virtualization, Infrastructure as a Services (IaaS), desktop virtualization, security applications, embedded and hardware appliances. It counts many industry and open source community leaders among its members including: Alibaba, Amazon Web Services, AMD, ARM, Bromium, Cavium, Citrix, Google, Intel, NetApp, Oracle, Rackspace, and Verizon Terremark. For more information about the Xen Project software and to participate, please visit XenProject.org.

Company Leverages Open Source Virtualization to Power Online Marketplaces and Aliyun Cloud Services

San Francisco, August 13, 2015 - The Xen Project Collaborative Project hosted at The Linux Foundation today announced Aliyun, the cloud computing subsidiary of Alibaba Group Holding Limited (NYSE: BABA) is a new Advisory Board member.

Company to Present its New Open Source Project at Xen Project Developer Summit and ContainerCon

SAN FRANCISCO, July 20, 2015--The Xen Project Collaborative Project hosted at The Linux Foundation today announced a partnership with Hyper, a company offering an open source project that allows developers to run Docker images with Xen Project virtualization. Based in China, the company will be presenting “Hyper: Make VM Run Like Containers” at Xen Project Developer Summit, Aug. 17-18. The Hyper Project allows developers to run Docker images with any Xen hypervisor Xen 4.5 or later and is available for download here.

Open Source Hypervisor Community to Collaborate on New Innovations and Future of Xen Project at Annual Event

SAN FRANCISCO, June 15, 2014 – The Xen Project Collaborative Project hosted at The Linux Foundation today announced the program and speakers for theXen Project Developers Summit that unites developers, integrators and power users for in-person collaboration and educational instruction. The event will take place in Seattle on August 17-18, 2015.